Lucene search
K

CVE-2011-4449

🗓️ 05 Sep 2012 20:00:00Reported by mitreType 
cve
 cve
🔗 web.nvd.nist.gov👁 15602 Views🌐 WEB

WikkaWiki 1.3.1 and 1.3.2 allows remote attackers to execute arbitrary PHP code via file uploads.

Related
Detection
Refs
Paths
ReporterTitlePublishedViews
Family
0day.today
WikkaWiki <= 1.3.2 Multiple Security Vulnerabilities
30 Nov 201100:00
zdt
0day.today
WikkaWiki 1.3.2 Spam Logging PHP Injection
12 May 201200:00
zdt
Circl
CVE-2011-4449
12 May 201200:00
circl
Check Point Advisories
WikkaWiki Spam Logging PHP Injection (CVE-2011-4449)
4 Nov 201300:00
checkpoint_advisories
Cvelist
CVE-2011-4449
5 Sep 201220:00
cvelist
Exploit DB
WikkaWiki 1.3.2 - Multiple Vulnerabilities
30 Nov 201100:00
exploitdb
Exploit DB
WikkaWiki 1.3.2 - Spam Logging PHP Injection (Metasploit)
12 May 201200:00
exploitdb
EUVD
EUVD-2011-4378
7 Oct 202500:30
euvd
exploitpack
WikkaWiki 1.3.2 - Multiple Vulnerabilities
30 Nov 201100:00
exploitpack
NVD
CVE-2011-4449
5 Sep 201220:55
nvd
Rows per page
NVD
Node
ParameterPositionPathDescriptionCWE
fileupload data/wikka/testUnrestricted file upload via INTRANET_MODE allowing multi-extension filenames to execute PHP
actionrequest body/wikka/UserSettingsSQL Injection in UPDATE statement due to unsanitized default_comment_display parameter (CVE-2011-4448)
default_comment_displayrequest body/wikka/UserSettingsSQL Injection in UPDATE statement due to unsanitized default_comment_display parameter (CVE-2011-4448)
emailrequest body/wikka/UserSettingsSQL Injection in UPDATE statement due to unsanitized default_comment_display parameter (CVE-2011-4448)
namerequest body/wikka/UserSettingsSQL Injection in UPDATE statement due to unsanitized default_comment_display parameter (CVE-2011-4448)
passwordrequest body/wikka/UserSettingsSQL Injection in UPDATE statement due to unsanitized default_comment_display parameter (CVE-2011-4448)
actionquery param/wikka/test/files.xmlArbitrary file download via path traversal in files.xml (CVE-2011-4450)
filequery param/wikka/test/files.xmlArbitrary file download via path traversal in files.xml (CVE-2011-4450)
actionquery param/wikka/test/files.xmlArbitrary file deletion via files.xml with admin check bypass (CVE-2011-4450)
filequery param/wikka/test/files.xmlArbitrary file deletion via files.xml with admin check bypass (CVE-2011-4450)
Rows per page

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

16 Jun 2026 23:34Current
7.4High risk
Vulners AI Score7.4
CVSS 26.8
EPSS0.04139
15602